Asko Kauppi wrote:
>Imho, this is not a question of Turing-to-or-not but of proper
>sandboxing, right? I mean, if there's absolutely no way the program
>can contact outside world (read files etc.) then what harm could
>turingness possibly do?
>OTOH, ability to read files etc. would be beneficial in the
>configuration files, so.. it's about where you draw the line. Perhaps
>just disallow any writes? Sandboxing per se is relatively easy with
>Lua.

I think there is one whole class of applications where sandboxing
works fine, and another class where the real issue is Turing-completeness.
A good sandboxing example would be the barbie.com web site that my
daughters think is the main reason for the internet's existence.
You go to the site, and it runs a flash application, which lets
you do things like dress Barbie up in different clothes, give her
a makeover, etc. The application does not and should not read or
write files on my computer. It runs in a sandbox, and everyone's
happy.

OTOH, I think configuration files are a perfect example of something
where sandboxing won't work. The whole point of, say, sendmail's
configuration file is that sendmail is going to handle a bunch of
e-mail messages for me, and that means reading and writing files
on disk. The config file itself may not be a program that says
"write this to this mailbox," but the config file's reason for
existing is to control the behavior of a program that will write
something to a particular mailbox.

I've been thinking about this general idea for several years, and
have several applications in mind that are of interest to me,
personally. One recent example is that I have a copylefted physics
textbook I wrote, which a guy in Belgium is now translating into
French. We were thinking of using a software tool called
po4a (http://po4a.alioth.debian.org/) to manage the French and
English versions in parallel. However, po4a is meant to manipulate
files that are written in Turing-incomplete languages (such as
SGML), whereas my book is written in a Turing-complete language
(TeX). This creates some real difficulties, since it's impossible
for po4a to, in some sense, "understand" a file that's written in
a Turing-complete language.

I actually got as far as beginning to
design a language (a Turing-complete language that would have
a Turing-incomplete subset useful for data description), and then
I started thinking, "Hey, what I'm designing sounds an awful lot
like that language Lua I heard about. Am I reinventing the wheel?"
It's actually a little spooky how similar they were, e.g., I was
thinking of having the essential language construct be a
syntax like this
(name="Bush" job="president") ,
which looks an awful lot like
{name="Bush", job="president"} !
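
The idea of a Turing-incomplete data subset, as an added example that is not part of the original message and is neither Lua's nor po4a's code: a Python reader that accepts only literal data written like {name="Bush", job="president"} and rejects anything that would have to be evaluated. The function name load_data, the no-escape string rule and the sample inputs are assumptions made for this example.

```python
import re

# Only these tokens exist: { } = , double-quoted strings without escapes,
# numbers and bare names. Dots, calls and operators cannot even be tokenized.
TOKEN = re.compile(r'\s*(?:([{}=,])|"([^"\\]*)"|(-?\d+(?:\.\d+)?)|([A-Za-z_]\w*))')
LITERALS = {"true": True, "false": False, "nil": None}
OPEN, CLOSE, EQUALS, COMMA = (("punct", c) for c in "{}=,")

def tokenize(text):
    text, pos = text.rstrip(), 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        kind = ("punct", "str", "num", "name")[m.lastindex - 1]
        yield kind, m.group(m.lastindex)
        pos = m.end()

def parse_value(tokens, i):
    kind, val = tokens[i] if i < len(tokens) else ("end", None)
    if kind == "str":
        return val, i + 1
    if kind == "num":
        return (float(val) if "." in val else int(val)), i + 1
    if kind == "name" and val in LITERALS:
        return LITERALS[val], i + 1
    if (kind, val) != OPEN:
        # A bare name such as `max` would need a variable lookup: not data.
        raise ValueError(f"expected a literal or a table, got {val!r}")
    table, n, i = {}, 0, i + 1  # positional items get keys 1, 2, ...
    while tokens[i:i + 1] != [CLOSE]:
        key = tokens[i][1] if tokens[i + 1:i + 2] == [EQUALS] else None
        if key is not None and tokens[i][0] == "name" and key not in LITERALS:
            table[key], i = parse_value(tokens, i + 2)
        else:
            n += 1
            table[n], i = parse_value(tokens, i)
        if tokens[i:i + 1] == [COMMA]:
            i += 1
        elif tokens[i:i + 1] != [CLOSE]:
            raise ValueError("expected ',' or '}' after a field")
    return table, i + 1

def load_data(text):
    tokens = list(tokenize(text))
    table, end = parse_value(tokens, 0)
    if not isinstance(table, dict) or end != len(tokens):
        raise ValueError("input must be exactly one table")
    return table
```

Because the reader has no loops, calls or variable lookups, it always terminates in time linear in the input, and a second tool can read the same file and get the same data without executing anything.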